  • DocumentCode
    176823
  • Title
    Inferring protocol state machine for binary communication protocol
  • Author
    Fanzhi Meng ; Yuan Liu ; Chunrui Zhang ; Tong Li ; Yang Yue
  • Author_Institution
    Inst. of Comput. Applic., Mianyang, China
  • fYear
    2014
  • fDate
    29-30 Sept. 2014
  • Firstpage
    870
  • Lastpage
    874
  • Abstract
    Communication protocol reverse engineering has played an important role in the field of network security. Inferring the protocol state machine of an unknown protocol is a part of protocol specification mining. This paper proposes a novel approach to mining the state machine of an unknown binary protocol. It allows state models for a binary protocol to be generated automatically by listening to network traces. We present a new methodology to align the corresponding fields and extract the state-relevant fields from binary protocol communication traces, and then construct the protocol state model based on the state-relevant fields. The experimental results for ARP and TCP show that our approach is effective.
  • Keywords
    finite state machines; telecommunication networks; telecommunication security; transport protocols; ARP; TCP; binary communication protocol network; inferring protocol state machine; network security; protocol specification mining; Algorithm design and analysis; Clustering algorithms; Conferences; Matrices; Protocols; Reverse engineering; Security; binary communication protocol; protocol reverse; protocol state machine; state relevant fields;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Research and Technology in Industry Applications (WARTIA), 2014 IEEE Workshop on
  • Conference_Location
    Ottawa, ON
  • Type
    conf
  • DOI
    10.1109/WARTIA.2014.6976411
  • Filename
    6976411